Application Load Balancer (ALB) instances receive requests from clients and distribute requests across backend servers based on the forwarding rules that you configure on listeners. To use the ALB service, you must create an ALB instance and add listeners and backend servers to the ALB instance.
Note By default, ALB supports cross-zone load balancing. When an ALB instance receives requests from clients, the ALB instance distributes the requests across backend servers that are deployed in different zones of the region to which the ALB instance belongs. You cannot disable cross-zone load balancing for ALB.
Domain names
ALB provides services through domain names. You can map custom domain names to the domain name of ALB. This allows users to access your services in a more convenient manner.
- We recommend that you use CNAME records to map custom domain names to the domain name of your ALB instance. This allows users to access your services in a more convenient manner.
- If you want to resolve a custom domain name to a specific IP address, we recommend that you use an ALB instance with a specific IP address and use A records to resolve the custom domain name to the IP address of the ALB instance.
Instance status
The following table describes the different states of an ALB instance and whether the specified operations are supported.
| Status | Description | The reason the ALB instance is locked | Whether the ALB instance can be deleted | Whether the configuration can be changed |
|---|---|---|---|---|
| Running | The ALB instance runs as expected. | N/A | Based on whether deletion protection is enabled. | Based on whether the configuration read-only mode is enabled. |
| Creating | The ALB instance is being created. | N/A | No | No |
| Updating Configuration | The configuration of the ALB instance is being updated. | N/A | No | |
| Creation Failed | The ALB instance fails to be created. | N/A | Yes | |
| Stopped | The ALB instance stops running. | Locked (Overdue Payment): The ALB instance is locked due to overdue payments. Renew your ALB instance at your earliest opportunity. The ALB instance resumes providing services after it is unlocked. | No | |
| Locked (Associated Resources in Abnormal State): The elastic IP addresses (EIPs) or EIP bandwidth plans that are associated with the ALB instance are locked due to overdue payments. Renew your EIPs or EIP bandwidth plans at the earliest opportunity. The ALB instance resumes providing services after the associated resources are unlocked. | No | |||
| Locked (Associated Resources Overdue and Released): The EIPs or EIP bandwidth plans that are associated with the ALB instance are released due to overdue payments and the ALB instance is unavailable. We recommend that you release the ALB instance. | Yes |
Network types
Alibaba Cloud provides Internet-facing and internal-facing ALB instances.
You can change the network type of an ALB instance as needed. For more information, see Change the network type of an ALB instance
Internet-facing ALB instances
After you create an Internet-facing ALB instance, the system automatically allocates a public and a private IP address to each zone of the ALB instance.
- Internet-facing ALB instances use EIPs to provide services and forward requests from the Internet to backend servers based on the rules that you configure for listeners.
- The private IP address of an Internet-facing ALB instance can be accessed by Elastic Compute Service (ECS) instances that are deployed in the virtual private cloud (VPC) to which the ALB instance belongs.
Internal-facing ALB instances
After you create an internal-facing ALB instance, the system automatically allocates a private IP address to each zone of the ALB instance.
- Internal-facing ALB instances forward requests from the VPCs to which they belong to backend servers based on the rules that you configure for listeners.
- An internal-facing ALB instance cannot be accessed over the Internet.
IP versions
IPv4 and dual-stack
ALB supports IPv4 and dual-stack networking.
| IP version | Default value | Description |
|---|---|---|
| IPv4 |
| Clients can use only IPv4 addresses (such as 192.0.2.1) to access IPv4 ALB instances. IPv4 ALB instances can forward requests from IPv4 clients to backend IPv4 services. |
| Dual-stack |
| Clients can use IPv4 addresses (such as 192.168.0.1) and IPv6 addresses (such as 2001:db8:1:1:1:1:1:1) to access dual-stack ALB instances. Dual-stack ALB instances can forward requests from IPv4 and IPv6 clients to backend IPv4 and IPv6 services.
|
Note You can determine the network type of a dual-stack ALB instance based on the network type of its IPv4 address. If the IPv4 address is a private IP address, it indicates that the ALB instance is internal-facing. If the IPv4 IP address is a public IP address, it indicates that the instance is Internet-facing.
Usage notes on dual-stack ALB instances
- The dual-stack feature is not available by default. To use the feature, log on to the Quota Center console. On the Whitelist Quotas page, enter the quota ID
slb_user_visible_gray_label/support_ipv6, and click Apply. For more information, see Manage ALB quotas. - You cannot enable access control for listeners of dual-stack ALB instances.
- You cannot upgrade existing IPv4 ALB instances to dual-stack ALB instances. You can only create dual-stack ALB instances.
Regions that support dual-stack ALB instances
| Geographic location | Alibaba Cloud region |
|---|---|
| China | China (Hangzhou), China (Shanghai), China (Shenzhen), China (Chengdu), China (Qingdao), China (Beijing), China (Zhangjiakou), China (Ulanqab), China (Hong Kong), and China (Guangzhou) |
| Asia Pacific | Singapore |
| Europe and Americas | Germany (Frankfurt) and US (Virginia) |
Integration with WAF
ALB provides the WAF Enabled edition to allow for the integration of WAF and ALB. When ALB is protected by WAF, take note of the following items:
- Your Alibaba Cloud account does not have a WAF 2.0 instance or has never activiated WAF: Both of Internect-facing and internal-facing ALB instances can be connected to WAF 3.0. For more information, see Activate and manage WAF-enabled ALB instances. Only ALB instances that are deployed in the following regions can be added to WAF 3.0:
Area Region China China (Chengdu), China (Qingdao), China (Beijing), China (Guangzhou), China (Hangzhou), China (Ulanqab), China (Shanghai), China (Shenzhen), China (Zhangjiakou), and China (Hong Kong) Asia Pacific Philippines (Manila), Indonesia (Jakarta), Japan (Tokyo), Malaysia (Kuala Lumpur), Australia (Sydney), Singapore, and India (Mumbai) Europe and Americas Germany (Frankfurt), US (Silicon Valley), and US (Virginia) - Your Alibaba Cloud account already has a WAF 2.0 instance: You can add Internet-facing ALB of the Basic edition and Internet-facing ALB instances of the Standard edition to WAF 2.0 in transparent proxy mode. You cannot enable WAF 2.0 protection for internal-facing ALB instances.
Only ALB instances in the China (Hangzhou), China (Shanghai), China (Shenzhen), China (Chengdu), China (Beijing), and China (Zhangjiakou) regions can be added to WAF 2.0 in transparent proxy mode.
Note If you want to add ALB instances to WAF 3.0, you must first release your WAF 2.0 instance or migrate it to WAF 3.0. Automatic migration is not supported. If you want to migrate to WAF 3.0, consult our experts in the DingTalk Group (Group ID: 34657699). For more information about how to release a WAF 2.0 instance, see Terminate the WAF service.